The present invention is related to the field of computer security.
One of the activities of concern in computer security is identity theft, specifically the theft or other unauthorized obtaining of credentials that enable users to access a protected computer system. Such credentials can include, among other things, account names and passwords, the latter normally required to be treated confidentially to prevent unauthorized use (i.e., use by somebody other than an authorized user to whom the password is assigned for use in accessing the system). An unauthorized person obtaining the credentials of an authorized user can pose as that authorized user and engage in activity that may harm the user, the operator of the system, or others. For example, if the computer system controls access to an organization's intellectual property (such as computer program source code, inventions, etc.), an unauthorized person may be able to access the system and manipulate and/or steal the intellectual property.
In some cases, credential theft is facilitated by certain types of software, referred to as “malware”, that surreptitiously inhabits a user computer and monitors operation so as to obtain confidential information that is exposed during such operation. One well known example of such malware includes a so-called key logger, which by directly monitoring a user's keystrokes can thwart software mechanisms in the computer designed to protect a user's password or other confidential information. Other examples of malware functions include: document capturing, screen scraping (capturing the user's screen at a certain instant), network probing and more. Once the malware has collected this confidential information, it secretly exfiltrates it from the computer system to an Internet location, making it available to unauthorized persons who can use the information to obtain illegal access to the computer system protected by the password or similar user credential.